EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan

GET /agenda HTTP/2
• EASM
• Common mistakes
• Hacker perspective

GET /EASM HTTP/2
• What exactly is EASM?
• What does it cover?
• Why is it important?

GET /common_mistakes HTTP/2
• Lack of Change Management
• Not respecting Least Privilege
• Misconfigured WAFs
• Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
Thank you for listening
Questions?
More questions? DMs are open on and